BlackShades was an organisation developing and selling malicious software (malware) that enabled buyers to infect computers and remotely take over and control the operations of the infected computers, and perform distributed denial-of-service (DDoS) cyber-attacks, among other things. An FBI investigation revealed links to several Member States. An example from the Netherlands of how the malware could be used for criminal purposes was that of an 18-year-old man who infected at least 2 000 computers, controlling the victims’ webcams to take pictures of women and girls.

Eurojust was approached through the Dutch prosecutor who was in contact with the FBI and the US Attorney’s Office regarding this investigation. While the US authorities intended to take down the BlackShades server, they did not have the intention of pursuing foreign subjects for prosecution in the USA. As creators, sellers and users of BlackShades malware were targeted by judicial and law enforcement authorities in 16 States during this worldwide investigation, the added value of judicial cooperation was apparent and the Netherlands opened a case in November 2013; a coordination meeting was convened in the same month. Three additional coordination meetings were organised in January, April and July 2014.

The objective of the initial coordination meeting was to ascertain which States could take judicial measures against identified subjects and to explore the possibility of a common judicial approach among the States involved. Although arranged on relatively short notice, authorities from the requesting State, the USA, Romania, Belgium, Germany, France and representatives from EC3 at Europol attended the meeting. Some States had been carrying out their own investigations into this malware and acknowledged the need for judicial cooperation at international level. It was evident that States other than those participating in the meeting were affected, and at subsequent meetings, these States were invited.

The US authorities were already at an advanced stage in their investigations and informed this first meeting of a two-step plan: the dismantling of the Black- Shades organisation and the international takedown of the server to stop the sale of the software. The coordination meeting contributed to the US investigations through the identification of 20 customers of the BlackShades organisation.